NullSec Linux 2.0: Security-Focused Distribution
NullSec Linux 2.0 is a hardened, security-focused distribution built with Lateralus tooling. It ships 250+ pre-configured security tools, the Nullkia desktop, the Marshall browser, and a kernel with grsecurity patches. Everything a security professional needs, nothing they don't.
◉ Design Philosophy
NullSec is opinionated:
- Security by default — Not an afterthought, the foundation
- Minimal attack surface — No unnecessary services, no bloat
- Auditable — Every package, every config, documented
- Tool-complete — Everything you need pre-installed and configured
◉ Pre-Installed Tools
250+ security tools organized by category:
Reconnaissance
nmap, masscan, rustscan # Port scanning
amass, subfinder, assetfinder # Subdomain enumeration
theHarvester, recon-ng # OSINT
shodan-cli, censys # Internet-wide scanning
whois, dig, dnsenum # DNS reconnaissance
Web Application
burpsuite, zap # Proxy/scanner
sqlmap, nosqlmap # Injection
nikto, whatweb # Fingerprinting
wfuzz, ffuf, gobuster # Fuzzing
nuclei # Vulnerability scanning
Network
wireshark, tshark, tcpdump # Packet capture
ettercap, bettercap # MITM
responder, impacket # Windows/AD
netcat, socat, ncat # Networking utilities
Exploitation
metasploit, msfvenom # Framework
searchsploit, exploit-db # Exploit database
pwntools, ropper, ropgadget # Binary exploitation
crackmapexec, evil-winrm # Post-exploitation
Password/Crypto
hashcat, john # Password cracking
hydra, medusa, ncrack # Online brute force
hashid, hash-identifier # Hash identification
openssl, gnupg # Crypto utilities
Wireless
aircrack-ng, airmon-ng # WiFi auditing
wifite, reaver, bully # WPS attacks
kismet, wireshark # Wireless capture
hcxdumptool, hcxtools # WPA3/PMKID
Forensics
autopsy, sleuthkit # Disk forensics
volatility3 # Memory forensics
binwalk, foremost # File carving
exiftool, steghide # Metadata/stego
◉ Kernel Hardening
NullSec ships with Linux 6.8 + grsecurity patches:
# Enabled by default
CONFIG_GRKERNSEC=y
CONFIG_PAX=y
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PTRACE_READEXEC=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODHARDEN=y
- ASLR+ — Enhanced address space randomization
- PaX — Memory protection (NOEXEC, MPROTECT)
- RBAC — Role-based access control
- Chroot hardening — Prevent chroot escapes
- Trusted path execution — Only execute from trusted paths
◉ System Hardening
# /etc/sysctl.d/99-nullsec.conf
# Network hardening
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv6.conf.all.accept_ra = 0
# Kernel hardening
kernel.kptr_restrict = 2
kernel.dmesg_restrict = 1
kernel.perf_event_paranoid = 3
kernel.yama.ptrace_scope = 3
kernel.unprivileged_bpf_disabled = 1
# Module hardening
# Set to 1 after boot if needed; once set it cannot be cleared without a reboot
kernel.modules_disabled = 0
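To confirm that the running kernel matches the file above, the following added example (not NullSec's own tooling) reads each key from a sysctl.d-style file and compares it with the live value under /proc/sys. The names audit_sysctl and audit_demo, the PROC_ROOT argument and the demo values are assumptions made for illustration.

```sh
# Added example, not NullSec code. audit_sysctl CONF [PROC_ROOT] compares each
# "key = value" line in CONF with the live value under PROC_ROOT (default
# /proc/sys; the argument is an assumption so a test tree can be used).
audit_sysctl() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        # Only whole lines starting with # or ; are comments in sysctl.d files;
        # a trailing "# ..." stays part of the value and is reported as DIFFERS.
        case $line in
            ''|'#'*|';'*) continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s\n' "$line" | sed 's/[[:space:]]*=.*$//')
        want=$(printf '%s\n' "$line" | sed 's/^[^=]*=[[:space:]]*//')
        # Dots become path separators (no key on this page has a dotted
        # interface name, which would need special handling).
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            printf 'MISSING  %s (expected %s)\n' "$key" "$want"; rc=1
            continue
        fi
        have=$(tr -s '\t ' ' ' < "$path")
        if [ "$have" = "$want" ]; then
            printf 'OK       %s = %s\n' "$key" "$have"
        else
            printf 'DIFFERS  %s = %s (expected %s)\n' "$key" "$have" "$want"; rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Constructed demo: a fake tree where ptrace_scope has drifted to 1 and
# dmesg_restrict is absent. Returns non-zero because the audit fails.
audit_demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/sys/kernel/yama" "$t/sys/net/ipv4"
    printf '%s\n' '# constructed sample' 'kernel.kptr_restrict = 2' \
        'kernel.yama.ptrace_scope = 3' 'net.ipv4.tcp_syncookies = 1' \
        'kernel.dmesg_restrict = 1' > "$t/conf"
    echo 2 > "$t/sys/kernel/kptr_restrict"
    echo 1 > "$t/sys/kernel/yama/ptrace_scope"
    echo 1 > "$t/sys/net/ipv4/tcp_syncookies"
    status=0; audit_sysctl "$t/conf" "$t/sys" || status=$?
    rm -rf "$t"
    return "$status"
}
```

Run `audit_sysctl /etc/sysctl.d/99-nullsec.conf` after boot; any DIFFERS or MISSING line means the running kernel does not match the file.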
◉ Lateralus Integration
Full Lateralus SDK pre-installed with security-focused tools:
// ltl-security - pipeline-based security toolkit
// Scan network
ltl-security scan 192.168.1.0/24
|> filter(fn(h) { h.ports |> any(fn(p) { p.state == "open" }) })
|> map(fn(h) { { ip: h.ip, services: h.services } })
|> json
// Analyze logs
ltl-security logs /var/log/auth.log
|> filter(fn(e) { e.type == "failed_login" })
|> group_by(fn(e) { e.source_ip })
|> filter(fn(g) { len(g.items) > 5 })
|> map(fn(g) { { ip: g.key, attempts: len(g.items) } })
// Hash cracking wrapper
ltl-security crack hashes.txt
|> with_wordlist("/usr/share/wordlists/rockyou.txt")
|> with_rules("best64")
|> run
◉ Editions
Desktop Edition
- Nullkia desktop environment
- Marshall browser
- Full GUI tool suite
- ~4.5 GB ISO
Server Edition
- Minimal CLI-only
- Headless operation
- Container-ready
- ~1.2 GB ISO
ARM64 Edition
- Raspberry Pi 4/5, Apple Silicon
- Mobile pentesting
- ~3.8 GB ISO
◉ Installation
# Download ISO
wget https://lateralus.dev/download/nullsec-2.0-desktop-amd64.iso
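# Verify the detached signature against the ISO (needs the .sig file and the project's signing key in your keyring)
gpg --verify nullsec-2.0-desktop-amd64.iso.sig nullsec-2.0-desktop-amd64.iso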
# Write to USB
sudo dd if=nullsec-2.0-desktop-amd64.iso of=/dev/sdX bs=4M status=progress
# Boot and follow installer
Post-Install
# Update tools
sudo nullsec-update
# Configure network interfaces
sudo nullsec-netconfig
# Start services (disabled by default)
sudo systemctl start postgresql # For metasploit
sudo systemctl start docker # For containers
◉ Privacy Features
- Tor pre-configured — Route all traffic through Tor with one command
- I2P available — Access .i2p sites
- MAC randomization — Automatic on wireless interfaces
- No telemetry — Nothing phones home, ever
- Ephemeral mode — RAM-only option, nothing persists
◉ Comparison
| Feature | NullSec | Kali | Parrot |
|---|---|---|---|
| grsecurity kernel | ✓ | ✗ | ~ |
| Lateralus SDK | ✓ | ✗ | ✗ |
| Custom DE (Nullkia) | ✓ | ✗ | ✗ |
| Privacy browser | Marshall | Firefox | Firefox |
| ARM64 support | ✓ | ✓ | ✓ |
| Tool count | 250+ | 600+ | 400+ |
| Base RAM usage | ~400MB | ~800MB | ~600MB |
Download NullSec Linux — Desktop, Server, and ARM64 editions available.